Will the Smart Grid Compromise Privacy?

By Kennedy Maize

WASHINGTON, Nov. 19, 2009 — This blog has highlighted my concerns about the security of the smart grid for many months. Now, there’s a new potential problem with the smart grid: privacy.

Washington Post technology security writer Brian Krebs, in a recent posting, notes that “privacy experts are warning that the so-called ‘smart grid’ efforts could usher in a new class of concerns, as utilities begin collecting more granular data about consumers’ daily power consumption.”

Krebs points to a study this month by the Ontario, Canada, Information and Privacy Commissioner, and the Future of Privacy Forum. The study, “Smart Privacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation,” observes, “Modernization of the grid will increase the level of personal information detail available as well as the instances of collection, use and disclosure of personal information. Instead of measuring energy use at the end of each billing period, smart meters will provide this information at much shorter intervals.”

That sort of information, says the report, can be gathered and used or sold.  “Electric utilities and other providers may have access to information about what customers are using, when they are using it, and what devices are involved,” says the study. “An electricity usage profile could become a source of behavioral information on a granular level.”

In September, the Cyber Security Coordination Task Group, chartered by the National Institute of Standards and Technology, a Commerce Department agency, offered a “privacy impact assessment” of the various smart grid concepts. Among the conclusions:

* The entities involved in formulating the smart grid lack privacy standards.

* Electric utilities don’t have consistent policies about personally-identifiable information.

* Few state regulators have considered the privacy implications of a smart grid, despite a National Association of Regulatory Utility Commissioners’ 2000 regulation calling for such oversight.

* Distributed energy and smart meters will reveal personal information, and roaming smart devices, such as plug-in hybrid cars recharging at a friend’s house, will reveal additional personal information.

The Canadian report identifies some of the types of information that the smart grid might display: “Whether individuals tend to cook microwavable meals or meals on the stove; whether they have breakfast; the time at which individuals are at home; whether a house has an alarm system and how often it is activated; when occupants usually shower; when the TV and/or the computer is on; whether appliances are in good condition; the number of gadgets in the home; if the home has a washer and dryer and how often they are used; whether lights and appliances are used at off hours, such as the middle of the night; whether and how often exercise equipment such as a treadmill is used.”

This is all obviously commercially-useful information, not just in aggregate but also specific to a household. Grappling with the privacy question is another task that must be solved before the smart grid can appear in any major rollout.

I’ve said it before — and I suspect I will be saying it again, multiple times — that I prefer a strong grid to a smart grid. I don’t care nearly as much about how my local utility – Allegheny Energy – cycles my heat pump. I care a lot more about whether the heat pump comes on when I want it in the winter and summer. Gimme muscles in my grid, not smarts.